Access control method and system and access terminal

ABSTRACT

Embodiments of the present invention provide an access control method, an access control system, and an access terminal. The method includes: receiving, by an access terminal, an HTTP request message transmitted by a UE where a destination IP address is an IP address of the access terminal; obtaining an actual IP address corresponding to a website domain name according to DNS resolution when the website domain name is not the IP address of the access terminal, and controlling, according to the actual IP address, the UE to access a target site corresponding to the website domain name. The technical solutions of the present invention solve the problem that a user cannot access the target site because of the cache characteristic of the user equipment.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No.PCT/CN2012/076070 filed on May 25, 2012, which is hereby incorporated byreference in their entireties.

FIELD OF THE INVENTION

The present invention relates to network communication technologies, andin particular, to an access control method, an access control system,and an access terminal.

BACKGROUND OF THE INVENTION

A user equipment (User Equipment, UE) usually accesses a network throughan access terminal such as a router, a wireless router, or a wirelessnetwork card. After a user inputs a website domain name in a browser onthe user equipment, the browser queries a local cache. If an InternetProtocol (Internet Protocol, IP) address of a target site correspondingto the website domain name exists in the local cache, a HypertextTransport Protocol (Hypertext Transport Protocol, HTTP) request isdirectly initiated through the access terminal to the target site; andif the IP address of the site corresponding to the website domain namedoes not exist in the local cache, a domain name system (Domain NameSystem, DNS) query request is generated and transmitted to the accessterminal. The access terminal performs DNS resolution, obtains the IPaddress of the target site corresponding to the website domain name froman external DNS server, and returns the IP address to the browser, thebrowser caches correspondence between the website domain name and the IPaddress of the target site, the HTTP request is initiated through theaccess terminal to the target site, and finally, web page content of thetarget site is displayed to the user.

In the foregoing process, if the user equipment is not connected to thenetwork, the access terminal does not obtain the IP address of thetarget site from the DNS server, and the access terminal uses the IPaddress of the access terminal as a DNS resolution result and returnsthe DNS resolution result to the browser, and redirects the user to aWeb management page of the access terminal through the browser, so as toprovide a dialup access function for the user equipment. In the process,the browser caches the correspondence between the website domain nameand the IP address of the access terminal. After the user equipment canaccess the Internet, the user inputs an original website domain name inthe browser on the user equipment, the browser does not initiate the DNSresolution again, but directly uses the IP address of the correspondingaccess terminal in the cache to initiate the HTTP request, so the usersees the Web management page of the access terminal again, causing thatthe user cannot access the target site.

SUMMARY OF THE INVENTION

Embodiments of the present invention provide an access control method,an access control system, and an access terminal, so as to solve theproblem that a user cannot access a target site.

In one aspect, an embodiment of the present invention provides an accesscontrol method, which includes:

receiving, by an access terminal, a Hypertext Transport Protocol HTTPrequest message transmitted by a user equipment wherein a destinationInternet Protocol IP address is an IP address of the access terminal,where the HTTP request message includes a website domain name;

obtaining, by the access terminal, an actual IP address corresponding tothe website domain name according to domain name system DNS resolutionwhen the website domain name is not a first domain name, where the firstdomain name is a domain name corresponding to the IP address of theaccess terminal; and

controlling, by the access terminal, the user equipment to access atarget site corresponding to the website domain name according to theactual IP address.

In another aspect, an embodiment of the present invention provides anaccess terminal, which includes:

a receiver, configured to receive a Hypertext Transport Protocol HTTPrequest message transmitted by a user equipment wherein a destinationInternet Protocol IP address is an IP address of the access terminal,where the HTTP request message includes a website domain name; and

a processor, configured to obtain an actual IP address corresponding tothe website domain name according to domain name system DNS resolutionwhen the website domain name is not a first domain name, and control,according to the actual IP address, the user equipment to access atarget site corresponding to the website domain name, where the firstdomain name is a domain name corresponding to the IP address of theaccess terminal.

In another aspect, an embodiment of the present invention provides anaccess control system, which includes a user equipment, an accessterminal, and a domain name system DNS server, wherein

the user equipment is configured to transmit a Hypertext TransportProtocol HTTP request message to the access terminal where a destinationInternet Protocol IP address is an IP address of the access terminal,where the HTTP request message includes a website domain name;

the access terminal includes:

a receiver, configured to receive the HTTP request message transmittedby the user equipment; and

a processor, configured to obtain an actual IP address corresponding tothe website domain name according to domain name system DNS resolutionwhen the website domain name is not a first domain name, and control,according to the actual IP address, the user equipment to access atarget site corresponding to the website domain name, where the firstdomain name is a domain name corresponding to the IP address of theaccess terminal; and

the DNS server is configured to perform the DNS resolution.

In the access control method, the access control system, and the accessterminal provided by the embodiments of the present invention, theaccess terminal, after receiving the HTTP request message wherein thedestination IP address is the IP address of the access terminal, bycomparing the website domain name in the HTTP request message with thedomain name corresponding to the IP address of the access terminal,determines the validity of the HTTP request message; and whendetermining that the HTTP request message is invalid, obtains the actualIP address corresponding to the website domain name according to the DNSresolution and controls, according to the obtained actual IP address,the user equipment to access the target site corresponding to thewebsite domain name, so as to enable the user equipment to successfullyaccess the target site corresponding to the website domain name. In thisway, the following problem is solved: after the website domain name isinput in the browser on the user equipment, the user cannot access thetarget site because of the characteristic that the browser caches the IPaddress returned by the access terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

To illustrate the technical solutions in the embodiments of the presentinvention or in the prior art more clearly, the following brieflydescribes the accompanying drawings required for describing theembodiments or the prior art. Apparently, the accompanying drawings inthe following description show some embodiments of the presentinvention, and persons of ordinary skill in the art can derive otherdrawings from these accompanying drawings without creative efforts.

FIG. 1A is a flow chart of an access control method according to anembodiment of the present invention;

FIG. 1B is a flow chart of an access control method according to anotherembodiment of the present invention;

FIG. 2A is a flow chart of an access control method according to anotherembodiment of the present invention;

FIG. 2B is a flow chart of an access control method according to anotherembodiment of the present invention;

FIG. 3A is a schematic structural diagram of an access terminalaccording to an embodiment of the present invention;

FIG. 3B is a schematic structural diagram of an access terminalaccording to another embodiment of the present invention; and

FIG. 4 is a schematic structural diagram of an access control systemaccording to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

To make the objectives, technical solutions, and advantages of thepresent invention more comprehensible, the following clearly andcompletely describes the technical solutions according to theembodiments of the present invention with reference to the accompanyingdrawings in the embodiments of the present invention. Apparently, theembodiments in the following description are merely a part rather thanall of the embodiments of the present invention. All other embodimentsobtained by persons of ordinary skill in the art based on theembodiments of the present invention without creative efforts shall fallwithin the protection scope of the present invention.

It is noted first that in the following embodiments of the presentinvention, a user equipment includes but is not limited to: a personalcomputer (Personal Computer, PC), a laptop computer, an IPAD, or a smartphone.

In the following embodiments of the present invention, an accessterminal may be, but not limited to, a router, a wireless router, or awireless network card (for example, a USB modem).

It is noted here that in the following embodiments of the presentinvention, operations performed by the user equipment may bespecifically performed by a browser on the user equipment, but is notlimited here.

An embodiment of the present invention provides an access controlmethod. In this embodiment of the present invention, the access controlmethod mainly includes:

An access terminal receives an HTTP request message transmitted by auser equipment where a destination IP address is an IP address of theaccess terminal, where the HTTP request message includes a websitedomain name. The website domain name may be a domain name input by auser in a browser on the user equipment and is used for accessing atarget site corresponding to the website domain name.

When the website domain name in the HTTP request message is not a firstdomain name, the access terminal obtains an actual IP addresscorresponding to the website domain name in the HTTP request messageaccording to DNS resolution; and then the access terminal controls,according to the obtained actual IP address, the user equipment toaccess the target site corresponding to the website domain name. Thefirst domain name is a domain name corresponding to the IP address ofthe access terminal. The actual IP address refers to an IP address ofthe target site corresponding to the website domain name. The websitedomain name in the HTTP request message is not the first domain name,and specifically, the access terminal, after receiving the HTTP requestmessage, determines whether the website domain name in the HTTP requestmessage is the first domain name. That is, the access terminaldetermines whether the website domain name in the HTTP request messageis the domain name corresponding to the IP address of the accessterminal. Specifically, the access terminal parses the HTTP requestmessage, obtains the website domain name from the HTTP request message,and then compares the obtained website domain name with the domain namecorresponding to the IP address of the access terminal, and determineswhether the obtained website domain name is the domain namecorresponding to the IP address of the access terminal. The accessterminal locally stores the domain name corresponding to the IP addressof the access terminal.

Optionally, the process in which the access terminal obtains the actualIP address corresponding to the website domain name according to the DNSresolution may be as follows: the access terminal transmits a DNSresolution request to a DNS server in an external network, so as toenable the DNS server to perform the DNS resolution on the websitedomain name and returns a DNS resolution result, where the DNSresolution request includes the website domain name, that is, the DNSresolution request may be used for querying the actual IP addresscorresponding to the website domain name; and the access terminalreceives the actual IP address corresponding to the website domain namereturned by the DNS server after the DNS server performs the DNSresolution on the website domain name. The DNS server refers to a serverwhich saves the correspondence between website domain namescorresponding to all sites and IP addresses in the network, and has afunction of converting a website domain name into a corresponding IPaddress.

Based on the above, before the access terminal transmits the DNSresolution request to the DNS server, an optional step may be furtherincluded: the access terminal determines whether the access terminal hasaccessed the external network. Specifically, the access terminal recordsa state indicates whether the access terminal has accessed the externalnetwork, and the access terminal can determine whether the accessterminal has accessed the external network according to the recordedstate. For example, an access mark is set on the access terminal, andthe access mark is used for identifying whether the access terminal hasaccessed the external network; after the access terminal has accessedthe external network, the access mark is set to 1; and when the accessterminal has not accessed the external network, the access mark is setto 0. Based on that, the access terminal determines whether the accessterminal has accessed the external network according to a value of theaccess mark. The value of the access value is not limited to 0 and 1.

When a determination result is that the access terminal has accessed theexternal network, the access terminal transmits the DNS resolutionrequest to the DNS server in the external network.

The external network may be a network enabling the access terminal toconnect to a network, for example, the external network may be a fixednetwork, wireless mobile network (for example, a 3G network and an LTEnetwork), WiFi network or Zigbee network, and may also be the Internetaccessed through the fixed network, mobile network, WiFi network, orZigbee network.

It is noted here that, in this embodiment of the present invention, theaccess terminal usually has a local area network (Local Area Network,LAN) IP address (which may be referred to as an in-network IP address)and a wide area network (Wide Area Network, WAN) IP address (which maybe referred to as an out-of-network IP network). The WAN IP address canbe obtained by converting the LAN IP address. In this embodiment of thepresent invention, the IP address of the access terminal may be an LANIP address of the access terminal.

In this embodiment, the access terminal, after receiving the HTTPrequest message where the destination IP address is the IP address ofthe access terminal, by comparing the website domain name in the HTTPrequest message with the domain name corresponding to the IP address ofthe access terminal, determines the validity of the HTTP requestmessage; and when the access terminal determines that the website domainname in the HTTP request message is not the domain name corresponding tothe IP address of the access terminal, it means that the HTTP requestmessage is transmitted by the user equipment using the cached IP addressof the access terminal as the actual IP address corresponding to thewebsite domain name, and therefore is an invalid request. In thisembodiment, based on the determination result, the access terminalobtains the actual IP address corresponding to the website domain namein the HTTP request message according to the DNS resolution, and thenbased on the obtained actual IP address, controls the user equipment toaccess the target site corresponding to the website domain name in theHTTP request message. In this way, the following problem is solved:after the website domain name is input in the browser on the userequipment, the user cannot access the target site because of thecharacteristic that the browser caches the IP address of the accessterminal.

In addition, in the case that the user equipment is set with cacheexpiration time, by using the access control method provided by thisembodiment, the user can successfully access the target sitecorresponding to the website domain name without waiting thecorrespondence, cached by the user equipment, between the IP address ofthe access terminal and the website domain name to expire, therebyimproving an efficiency for accessing the target site. In the case that,for the user equipment: the cached correspondence between the IP addressof the access terminal and the website domain name can be cleared byclosing and restarting the browser on the user equipment, by using theaccess control method provided by this embodiment, the user cansuccessfully access the target site corresponding to the website domainname without closing the browser on the user equipment, therebyimproving the efficiency for accessing the target site. It is noted herethat, in the case that the user equipment is set with the cacheexpiration time, when the cache expiration time does not arrive, thetarget site cannot be successfully accessed though the user closes thebrowser on the user equipment, however, by using the access controlmethod provided in this embodiment, the user can successfully access thetarget site corresponding to the website domain name neither needing toclose and restart the browser on the user equipment nor needing to waitthe cache time to expire, thereby improving the efficiency for accessingthe target site.

Furthermore, when the website domain name in the HTTP request message isthe first domain name, that is, the website domain name in the HTTPrequest message is the domain name corresponding to the IP address ofthe access terminal, it means that the HTTP request message is a requestused for the user equipment to request access to the Web management pageon the access terminal, and therefore, the access terminal transmits aDNS reply packet to the user equipment, so as to redirect the userequipment to the Web management page on the access terminal, where theDNS reply packet includes the IP address of the access terminal. In thiscase, after the user equipment is redirected to the Web management pageon the access terminal, the user can perform operations such as dialing,device management, and/or parameter configuration on the user equipmentthrough the Web management page on the access terminal according to anactual application requirement.

Furthermore, in the case that the website domain name in the HTTPrequest message is not the first domain name, if the access terminaldetermines that the access terminal has not accessed the externalnetwork, at this time, the DNS resolution request transmitted by theaccess terminal cannot reach the DNS server in the external network, andthe actual IP address corresponding to the website domain name cannot beobtained. Therefore, the access terminal can use the IP address of theaccess terminal as the DNS resolution result and encapsulate it in theDNS reply packet, and transmit the DNS reply packet to the userequipment so as to redirect the user equipment to the Web managementpage on the access terminal. In this case, after the user equipment isredirected to the Web management page on the access terminal, the userequipment can perform a dialing operation by accessing the Webmanagement page on the access terminal, so as to enable the accessterminal to access the external network. It is noted that the dialingoperation described here refers to an operation of executing access toan external network, and a result may include successfully accessing theexternal network and failing to access the external network.

Optionally, an implementation manner for the access terminal to control,according to the obtained actual IP address, the user equipment toaccess the target site corresponding to the website domain name may beas follows: the access terminal initiates an HTTP redirection request tothe user equipment, so as to enable the user equipment to reinitiate,according to the actual IP address corresponding to the website domainname, an HTTP request for accessing the target site, where the HTTPredirection request includes the actual IP address.

Optionally, an implementation manner for the access terminal to initiatethe HTTP redirection request to the user equipment may be as follows:the access terminal transmits an HTTP redirection request packet to theuser equipment.

Preferably, the access terminal may place the actual IP address in aheader (Header) field of the HTTP redirection packet, for example, in alocation (Location) field, but is not limited here.

The HTTP redirection packet may be a response code of an HTTP30x series.According to different operation systems or browser types of the userequipment, the HTTP redirection packet may be, but not limited to, anHTTP response code 300 (multiple choices), an HTTP response code 301(moved permanently), an HTTP response code 302 (found), an HTTP responsecode 303 (see other), or an HTTP response code 307 (temporary redirect).

Optionally, an implementation manner for the access terminal to transmitthe HTTP redirection request to the user equipment may be as follows:the access terminal transmits an HTTP redirection page to the userequipment, where the redirection page includes the actual IP address.

The redirection page is generally a prompting page, which, exceptincluding the actual IP address, generally further includes linkinformation pointing to the actual IP address. The link informationpointing to the actual IP address may be a browser client script or aplug-in in the redirection page. The script or plug-in may include butnot limited to: Javascript, VBScript, or Flash. The script or plug-in inthe redirection page can prompt the user to click or directly controlthe user equipment to initiate the HTTP request to the actual IPaddress. For example, in the Javascript, an implementation structure ofthe link information pointing to the actual IP address may be: window.location. href=“http://[actual IP address]”.

Usually, lengths of the cache expiration time of different userequipments are different, the common is 1 to 3 minutes, a goodten-minute, and so on, and it is long for the user to access the targetsite by waiting for the time of the length. Operations of closing andrestarting the browser on the user equipment are cumbersome, and amanual operation generally has a low efficiency, which also affects theefficiency for the user to access the target site. In this embodiment ofthe present invention, after the user equipment receives the HTTPredirection request packet or page returned by the access terminal, theHTTP request for accessing the target site can be directly initiatedaccording to the actual IP address in the HTTP redirection requestpacket or page, so it is neither required to wait the cachedcorrespondence between the website domain name and the IP address of theaccess terminal to expire, nor required to close the browser on the userequipment, thereby improving the efficiency for successfully accessingthe target site.

Optionally, another implementation manner for the access terminal tocontrol, according to the obtained actual IP address, the user equipmentto access the target site corresponding to the website domain name maybe as follows: the access terminal replaces the destination IP addressof the received HTTP request message with the actual IP address andtransmits the actual IP address, so as to enable the user equipment toaccess the target site corresponding to the website domain name. Theprocess in which the access terminal replaces the destination IP addressof the received HTTP request message with the actual IP address andtransmits the actual IP address, so as to enable the user equipment toaccess the target site corresponding to the website domain name may beas follows: the access terminal replaces the destination IP address ofthe received HTTP request message with the actual IP address andtransmits the actual IP address to the target site corresponding to thewebsite domain name, so as to enable the user equipment to access thetarget site corresponding to the website domain name.

In the implementation manner, the access terminal, after obtaining theactual IP address corresponding to the website domain name, replaces theIP address of the access terminal in the HTTP request message with theactual IP address and transmits the actual IP address, so that the userequipment is also enabled to successfully access the target sitecorresponding to the website domain name, and the user equipment neitherneeds to wait the cached correspondence between the website domain nameand the IP address of the access terminal to expire, nor needs to closeand restart the browser on the user equipment, thereby improving theefficiency for successfully accessing the target site.

FIG. 1A is a flow chart of an access control method according to anembodiment of the present invention. As shown in FIG. 1A, the method ofthis embodiment includes the following steps:

Step 101: An access terminal receives an HTTP request messagetransmitted by a user equipment where a destination IP address is an IPaddress of the access terminal, where the HTTP request message includesa website domain name.

The website domain name is a domain name of a target site a user needsto access, which may be input by the user in a browser on the userequipment. The destination IP address is the IP address of the accessterminal.

Specifically, when the user needs to access a site (recorded as thetarget site), the user inputs the website domain name of the target sitein the browser on the user equipment. The user equipment queries cachedcorrespondence between a locally website domain name and an IP addressaccording to the website domain name input by the user, obtains an IPaddress corresponding to the website domain name, and then generates anHTTP request message.

The destination IP address in the HTTP request message is an IP addressin the correspondence, cached by the user equipment, between the websitedomain name and the IP address of the access terminal. The HTTP requestmessage further includes the website domain name. Preferably, the userequipment may place the website domain name in a host (Host) field orreferrer (Referrer) field of a header of the HTTP request message, butis not limited here. For example, the website domain name may be carriedthrough other fields except the Host field or Referrer field.

In this embodiment, the IP address in the correspondence, cached by theuser equipment, between the website domain name and the IP address isthe IP address of the access terminal. Optionally, if the accessterminal, before receiving the HTTP request message transmitted by theuser equipment, receives a DNS resolution request transmitted by theuser equipment, and the access terminal has not accessed an externalnetwork, the access terminal uses the IP address of the access terminalas a DNS resolution result and returns the DNS resolution result to theuser equipment.

Persons of ordinary skill in the art can understood that the HTTPrequest message transmitted by the user equipment carries an identifierof the user equipment, so as to enable the access terminal todistinguish different user equipments.

Step 102: The access terminal determines whether the website domain nameis a first domain name; where when a determination result is no, performstep 103; and when the determination result is yes, perform step 106.

The first domain name is a domain name corresponding to the IP addressof the access terminal. The access terminal locally stores a domain namecorresponding to the IP address of the access terminal, that is, theaccess terminal locally stores the first domain name.

The access terminal, after receiving the HTTP request message where thedestination IP address is the IP address of the access terminal, parsesthe HTTP request message, obtains a website domain name (that is, thedomain name of the target site the user requests to access) from theHTTP request message, and then compares the website domain name obtainedfrom the HTTP request message with the domain name corresponding to theIP address of the access terminal, so as to determine whether the HTTPrequest message is a valid request.

If the determination result is yes, that is, the access terminaldetermines that the website domain name obtained from the HTTP requestmessage is the domain name corresponding to the IP address of the accessterminal, it means that the HTTP request message is valid, and the HTTPrequest message is a request used by the user equipment to access theWeb management page on the access terminal, so the access terminalperforms step 106, that is, the IP address of the access terminal istransmitted to the user equipment as an HTTP request result, so as toredirect the user equipment to the Web management page on the accessterminal.

If the determination result is no, that is, the access terminaldetermines that the domain name obtained from the HTTP request messageis not the domain name corresponding to the IP address of the accessterminal, it means that the HTTP request message is transmitted by theuser equipment using the IP address of the access terminal as an actualIP address of the website domain name, and is an invalid request, so theaccess terminal performs step 103, that is, it is further determinedwhether the access terminal has accessed an external network, so as todetermine whether DNS resolution can be performed to obtain an actual IPaddress for the website domain name.

Step 103: The access terminal determines whether the access terminal hasaccessed the external network; where when a determination result is yes,perform step 104; and when the determination result is no, perform step107.

In this embodiment, the access terminal records a state indicateswhether the access terminal has accessed the external network. Theaccess terminal can determine whether the access terminal has accessedthe external network according to the recorded state. For example, anaccess mark is set on the access terminal, and the access mark is usedfor identifying whether the access terminal has accessed the externalnetwork; after the access terminal has accessed the external network,the access mark is set to 1; and when the access terminal has notaccessed the external network, the access mark is set to 0. Based onthat, the access terminal determines whether the access terminal hasaccessed the external network according to a value of the access mark.The value of the access value is not limited to 0 and 1.

In the case that the website domain name is not the domain namecorresponding to the IP address of the access terminal, if the accessterminal determines that the access terminal has accessed the externalnetwork, the access terminal performs step 104, that is, the DNSresolution is performed to obtain the actual IP address for the websitedomain name; and if the access terminal determines that the accessterminal has not accessed the external network, the access terminalperforms step 107, that is, the IP address of the access terminal istransmitted to the user equipment as a DNS resolution result, so as toredirect the user equipment to the Web management page on the accessterminal, so that the user equipment performs an operation such as adialup access.

Step 104: The access terminal obtains an actual IP address correspondingto the website domain name according to the DNS resolution.

Specifically, the access terminal transmits a DNS resolution request toa DNS server in the external network, where the DNS resolution requestincludes the website domain name. The DNS server receives the DNSresolution request transmitted by the access terminal, parses the DNSresolution request and obtains the website domain name therein, and thenperforms the DNS resolution on the website domain name, obtains theactual IP address corresponding to the website domain name, and thentransmits a DNS reply packet to the access terminal, where the DNS replypacket includes the obtained actual IP address. The access terminalreceives the DNS reply packet returned by the DNS server, and obtainsthe actual IP address corresponding to the website domain name from theDNS reply packet.

Step 105: The access terminal initiates an HTTP redirection request tothe user equipment, so as to enable the user equipment to reinitiate,according to the actual IP address, an HTTP request for accessing thetarget site, where the HTTP redirection request includes the actual IPaddress.

In an optional implementation manner in this embodiment, the accessterminal may transmit an HTTP redirection packet to the user equipment,and carry the actual IP address through a header field of the HTTPredirection packet, which is not limited in this embodiment.

Optionally, the HTTP redirection packet may be, but not limited to, anHTTP response code 300 (multiple choices), an HTTP response code 301(moved permanently), an HTTP response code 302 (found), an HTTP responsecode 303 (see other), or an HTTP response code 307 (temporary redirect).

In an optional implementation manner of this embodiment, the accessterminal may transmit an HTTP redirection page to the user equipment,and carries the actual IP address through the HTTP redirection page.

Furthermore, the access terminal may further carry link informationpointing to the actual IP address in the redirection page, which is usedfor automatically controlling the user equipment to reinitiate,according to the actual IP address, the HTTP request for accessing thetarget site. The link information pointing to the actual IP address maybe, but not limited to, a browser client script or plug-in in theredirection page.

The script or plug-in may include but not limited to: Javascript,VBScript, or Flash.

After the user equipment receives the actual IP address of the websitedomain name, the user can directly input the website domain name in thebrowser on the user equipment, neither needs to wait close the browseron the user equipment nor needs to wait the correspondence, cached bythe user equipment, between the IP address of the access terminal andthe website domain name to expire, and can reinitiate the HTTP request.

Step 106: The access terminal transmits the IP address of the accessterminal to the user equipment as the HTTP request result, so as toredirect the user equipment to the Web management page on the accessterminal, and ends the operation.

Step 107: The access terminal transmits the IP address of the accessterminal to the user equipment as the DNS resolution result, so as toredirect the user equipment to the Web management page on the accessterminal, and ends the operation.

In this embodiment, when the access terminal determines that the HTTPrequest message where the destination IP address is the IP address ofthe access terminal is an invalid request, it is further determinedwhether the access terminal has accessed the external network, and ifthe access terminal has accessed the external network, the actual IPaddress corresponding to the website domain name is obtained accordingto the DNS resolution, enabling the user to reinitiate the HTTP requestfor accessing the target site neither needing to wait thecorrespondence, cached by the user equipment, between the IP address ofthe access terminal and the website domain name to expire, nor needingto close and restart the browser on the user equipment, and therebyimproving an efficiency for accessing the target site; and if the accessterminal has not accessed the external network, the user equipment isredirected to the Web management page on the access terminal, so as toenable the user performs an operation of accessing the external networkin time through the Web management page, thereby facilitating to improvean efficiency for accessing the target site to a certain extent.

FIG. 1B is a flow chart of an access control method according to anotherembodiment of the present invention. This embodiment may be implementedbased on the embodiment shown in FIG. 1A. As shown in FIG. 1B, themethod of this embodiment includes the following steps before step 101:

Step 100 a: An access terminal receives a DNS resolution requesttransmitted by a user equipment, where the DNS resolution requestincludes a website domain name.

Step 100 b: The access terminal, when determining that the accessterminal has not accessed an external network, transmits an IP addressof the access terminal to the user equipment as a DNS resolution result,so as to redirect the user equipment to a Web management page on theaccess terminal.

In this embodiment, the user equipment has accessed the external networkthrough the access terminal. The access terminal can provide a Webmanagement page for a user. For example, the user can input an IPaddress of the access terminal (for example, 192. 168. 1. 1) or a domainname (for example, mobilewifi. home) corresponding to the IP address ofthe access terminal in a browser on the user equipment, so as to accessthe Web management page on the access terminal. On the Web managementpage of the access terminal, the user is provided with functions such asa dialing function for accessing the external network, devicemanagement, and parameter configuration, so the user can performoperations such as dialing, device management, and parameterconfiguration through the Web management page on the access terminal.

When the user needs to access a site (recorded as a target site), theuser inputs a website domain name in the browser on the user equipment;the user equipment generates a DNS resolution request according to thewebsite domain name input by the user and transmits the DNS resolutionrequest to the access terminal; the access terminal determines whetherthe access terminal has accessed the external network, and if the accessterminal has not accessed the external network currently, the accessterminal returns the IP address of the access terminal or a domain namecorresponding to the IP address of the access terminal to the userequipment as the DNS resolution result, so as to redirect the userequipment to the Web management page on the access terminal, and on theWeb management page of the access terminal, a reason for that thenetwork cannot be accessed is displayed and a function of accessing theexternal network is provided; and the user performs the dialing throughthe Web management page on the access terminal, so as to enable theaccess terminal to access the external network.

In the foregoing process, the user equipment caches the correspondencebetween the IP address of the access terminal and the website domainname.

In this embodiment, after the access terminal has accessed the externalnetwork, the user can directly input the domain name in the browserpresenting the Web management page on the user equipment, and at thistime, the user equipment queries a local cache, uses the IP address ofthe access terminal as the actual IP address of the website domain name,and does not initiate the DNS resolution again but performs step 101,that is, generates an HTTP request message and transmits the HTTPrequest message to the access terminal. The destination IP address ofthe HTTP request message is the IP address of the access terminal ratherthan the actual IP address corresponding to the website domain name.

It can be seen that this embodiment solves the following problem: afterthe user has accessed the external network (for example, dialing)through the Web management page on the access terminal, the userdirectly inputs the original website domain name in the browserpresenting the Web management page on the user equipment but cannotaccess the target site. In this embodiment, the user can successfullyaccess the target site neither needing to wait the cached correspondencebetween the website domain name and the IP address of the accessterminal to expire, nor needing to close and restart the browser on theuser equipment, thereby improving an efficiency for accessing the targetsite.

This embodiment is further described in combination with an actualapplication scenario below. Assuming that in the application scenario, auser needs to access a target site of which the website domain name iswww. xxxxx. com, a access terminal has not accessed an external networkcurrently, and the state of the access terminal meets a redirectioncondition, the specific process in which the user has accessed thetarget site of which the website domain name is www. xxxxx. com is asfollows:

Step a: The user inputs the website domain name www. xxxxx. com in thebrowser on a user equipment, where the website domain name www. xxxxx.com corresponds to the target site the user wants to access.

Step b: The user equipment transmits a DNS resolution request to theaccess terminal, and the access terminal returns the IP address of theaccess terminal, for example, 192. 168. 1. 1, to the user equipment as aquery result of the DNS.

Step c: The user equipment caches the DNS resolution result, that is,the user equipment considers that an actual IP address corresponding tothe website domain name www. xxxxx. com is 192. 168. 1. 1.

Step d: The user equipment initiates an HTTP request to the accessterminal, and the Web management page on the access terminal ispresented on the browser on the user equipment, and the user performs adialup access by operating the Web management page.

Step e: The user does not close the browser on the user equipment, andinputs the website domain name www. xxxxx. com again in the browserpresenting the Web management page on the user equipment.

Step f: The user equipment queries the local cache, directly uses an IPaddress of the access terminal 192. 168. 1. 1 as the actual IPcorresponding to the website domain name www. xxxxx. com, generates andtransmits the HTTP request message, and does not initiate the DNSresolution again.

Step g: The access terminal, after receiving the HTTP request message,determines whether the website domain name of the header of the HTTPrequest message is the domain name corresponding to the IP address ofthe access terminal. Assuming that the domain name corresponding to theIP address of the access terminal 192. 168. 1. 1 is www. aaaaa. com, theaccess terminal determines that the current HTTP request is faulty.

Step h: The access terminal, after determining that the current HTTPrequest is faulty, continues to determine whether the access terminalhas currently gained access to the external network, if the accessterminal has not accessed the external network, the access terminalreturns the IP address of the access terminal 192. 168. 1. 1 to the userequipment, so as to redirect the user equipment to the Web managementpage on the access terminal; and if the access terminal has accessed theexternal network, the DNS server performs the DNS resolution, andobtains the actual IP address of the website domain name www. xxxxx.com.

Step i: The access terminal, after obtaining the actual IP address ofthe website domain name www. xxxxx. com, constructs an HTTP redirectionrequest, and transmits the actual IP address of the website domain namewww. xxxxx. com to the user equipment through the HTTP redirectionrequest.

A specific implementation manner of the HTTP redirection request may bean HTTP redirection packet or redirection page.

Step j: The user equipment retransmits the HTTP request message to theaccess terminal according to the actual IP address of the website domainname www. xxxxx. com.

Step k: The access terminal, after receiving the HTTP request message,forwards the HTTP request message, and the user equipment finally hasaccessed the target site corresponding to the website domain name www.xxxxx. com.

Furthermore, it is noted here that the method of this embodiment of thepresent invention is not only applicable to the redirection applicationscenario in the process the target site is accessed by using the websitedomain name, but also applicable to other redirection applicationscenarios. For example, an application scenario in which the DNSredirection is used to implement a load balance in a fixed network.

The principle for the DNS redirection to implement the load balance is:configuring the same name for multiple IP addresses in the DNS server,so as to enable a client querying the name to obtain one of theaddresses, so that different clients access different servers, therebyachieving the objective of the load balance. However, when a serverfails, though DNS setting is modified in time, it is still required towait for enough time (for example, certain renew time) to take effect.In this period, a client which caches an IP address of the faulty servercannot access the server normally, and therefore cannot obtain arequired service. Alternatively, when an IP address of a server changes,if it is the original IP address of the server cached in the client, theclient cannot access the server either before the IP address of theserver is updated. For the foregoing problems, the DNS server may adoptthe access control method provided by this embodiment of the presentinvention, when the DNS resolution request transmitted by the client isreceived, it is determined whether the IP address of the server in theDNS resolution request is consistent with the cached IP address of theserver, or it is determined according to the IP address of the server inthe DNS resolution request whether the corresponding server is faulty,and when the determination result is that the IP addresses areinconsistent or the server is faulty, the client is redirected to anormal server, enabling the client to obtain the required service intime.

FIG. 2A is a flow chart of an access control method according to anotherembodiment of the present invention. As shown in FIG. 2A, the method ofthis embodiment includes the following steps:

Step 201: An access terminal receives an HTTP request messagetransmitted by a user equipment where a destination IP address is an IPaddress of the access terminal, where the HTTP request message includesa website domain name.

Step 202: The access terminal determines whether the website domain nameis a first domain name; where when a determination result is no, performstep 203; and when the determination result is yes, perform step 205.

Step 203: The access terminal determines whether the access terminal hasaccessed the external network; where when a determination result is yes,perform step 204; and when the determination result is no, perform step206.

Reference may be made to descriptions of step 101 to step 103 for thestep 201 to step 203, and are not described here again.

Step 204: The access terminal replaces the destination IP address of theHTTP request message which is the IP address of the access terminal withthe actual IP address and transmits the actual IP address, so as toenable the user equipment to access a target site corresponding to thewebsite domain name.

In this embodiment, when the access terminal determines that the websitedomain name in the HTTP request message is not a domain namecorresponding to the IP address of the access terminal, and the accessterminal has accessed the external network, the access terminal directlyreplaces the destination IP address of the HTTP request message which isthe IP address of the access terminal with the actual IP addresscorresponding to the website domain name in the HTTP request message,and then transmits the HTTP request message of which the destination IPaddress is replaced, so as to enable the user equipment to successfullyaccess the target site, thereby solving the problem in the prior artthat after inputting the website domain name in the browser on the userequipment, the user cannot access the target site corresponding to thewebsite domain name because the browser caches the IP address of theaccess terminal.

In addition, in the case that the user equipment is set with cacheexpiration time, by using the access control method provided by thisembodiment, the user can successfully access the target sitecorresponding to the website domain name without waiting thecorrespondence, cached by the user equipment, between the IP address ofthe terminal and the website domain name to expire, thereby improving anefficiency for accessing the target site. In the case that the followingis set for the user equipment: the cached correspondence between the IPaddress of the access terminal and the website domain name can becleared by closing and restarting the browser on the user equipment, byusing the access control method provided by this embodiment, the usercan successfully access the target site corresponding to the websitedomain name without closing the browser on the user equipment, therebyimproving the efficiency for accessing the target site. It is noted herethat, in the case that the cache expiration time is set for the userequipment, when the cache expiration time does not arrive, the targetsite cannot be successfully accessed though the user closes and restartsthe user equipment, however, by using the access control method providedin this embodiment, the user can successfully access the target sitecorresponding to the website domain name neither needing to close andrestart the browser on the user equipment nor needing to wait the cachetime to expire, thereby improving the efficiency for accessing thetarget site.

Step 205: The access terminal transmits the IP address of the accessterminal to the user equipment as the HTTP request result, so as toredirect the user equipment to the Web management page on the accessterminal, and ends the operation.

Step 206: The access terminal transmits the IP address of the accessterminal to the user equipment as the DNS resolution result, so as toredirect the user equipment to the Web management page on the accessterminal, and ends the operation.

Reference may be made to descriptions of step 206 to step 207 for thestep 205 to step 206, and are not described here again.

FIG. 2B is a flow chart of an access control method according to anotherembodiment of the present invention. This embodiment is implementedbased on the embodiment shown in FIG. 2A, and as shown in FIG. 2B, themethod of this embodiment includes the following steps before step 201:

Step 200 a: An access terminal receives a DNS resolution requesttransmitted by a user equipment, where the DNS resolution requestincludes a website domain name.

Step 200 b: The access terminal, when determining that the accessterminal has not accessed an external network, transmits an IP addressof the access terminal to the user equipment as a DNS resolution result,so as to redirect the user equipment to a Web management page on theaccess terminal.

Reference may be made to descriptions of step 100 a to step 100 b forthe step 200 a to step 200 b, and are not described here again.

It can be seen that this embodiment solves the following problem: afterthe user has accessed the external network through the Web managementpage on the access terminal, the user directly inputs the originalwebsite domain name in the browser presenting the Web management page onthe user equipment but cannot access the target site. In thisembodiment, the user can successfully access the target site neitherneeding to wait the cached correspondence between the website domainname and the IP address of the access terminal to expire, nor needing toclose and restart the browser on the user equipment, thereby improvingan efficiency for accessing the target site.

FIG. 3A is a schematic structural diagram of an access terminalaccording to an embodiment of the present invention. As shown in FIG.3A, an access terminal of this embodiment includes a receiver 31 and aprocessor 32.

The receiver 31 is configured to receive an HTTP request messagetransmitted by a user equipment where a destination IP address is an IPaddress of the access terminal, where the HTTP request message includesa website domain name.

The processor 32 is connected to the receiver 31, and is configured toobtain an actual IP address corresponding to the website domain nameaccording to DNS resolution when the website domain name in the HTTPrequest message received by the receiver 31 is not a first domain name,and control, according to the actual IP address, the user equipment toaccess a target site corresponding to the website domain name. The firstdomain name is a domain name corresponding to the IP address of theaccess terminal.

It is determined that the website domain name in the HTTP requestmessage received by the receiver 31 is not the first domain name.Specifically, the processor 32 can parse the HTTP request message,obtain the website domain name from the HTTP request message, and thencompare the obtained website domain name with a domain namecorresponding to the IP address of the access terminal, and determinewhether the obtained website domain name is the domain namecorresponding to the IP address of the access terminal. The accessterminal locally stores the domain name corresponding to the IP addressof the access terminal.

The access terminal provided by this embodiment can be used to executethe process of the foregoing access control method embodiment, and thespecific working principle is described in the method embodiments, andis not described here again.

It is noted here that, the access terminal of this embodiment mayfurther include components such as a power module, an input and outputinterface, and a memory in addition to the receiver and the processor.The processor may be a central processing unit (Central Processing Unit,CPU), and for convenience of the illustration, the components are notshown in figures.

In this embodiment, the access terminal, after receiving the HTTPrequest message where the destination IP address is the address of theaccess terminal, by comparing the website domain name in the HTTPrequest message with the domain name corresponding to the IP address ofthe access terminal, determines the validity of the HTTP requestmessage; and when determining that the website domain name is not thedomain name corresponding to the IP address of the access terminal,determines that the HTTP request message is transmitted by the userequipment using the IP address of the access terminal as the actual IPaddress of the website domain name and is an invalid request, andtherefore the access terminal obtains the actual IP addresscorresponding to the website domain name according to the DNSresolution, and controls, according to the actual IP address, the userequipment to access the target site corresponding to the website domainname, so as to enable the user equipment to successfully access thetarget site corresponding to the website domain name. In this way, thefollowing problem is solved: after inputting the website domain name inthe browser on the user equipment, the user cannot access the targetsite corresponding to the website domain name because of thecharacteristic that the browser caches the IP address of the accessterminal. In addition, in this embodiment, the access terminal canenable the user to successfully access the target site corresponding tothe website domain name neither needing to wait the correspondence,cached by the user equipment, between the IP address of the accessterminal and the website domain name to expire, nor needing to close andrestart the browser on the user equipment, thereby improving anefficiency for accessing the target site.

FIG. 3B is a schematic structural diagram of an access terminalaccording to another embodiment of the present invention. Thisembodiment is implemented base on the embodiment shown in FIG. 3A, andas shown in FIG. 3B, the access terminal of this embodiment furtherincludes a transmitter 33.

In this embodiment, the process in which the processor 32 controls,according to the actual IP address, the user equipment to access thetarget site corresponding to the website domain name includes asfollows: the processor 32 is configured to replace the destination IPaddress of the HTTP request message which is the IP address of theaccess terminal with the actual IP address obtained by the processor 32,where the HTTP request message is received by the receiver 31, andcontrol the transmitter 33 to transmit the HTTP request message of whichthe destination IP address is replaced, so as to enable the userequipment to access the target site corresponding to the website domainname.

Correspondingly, the transmitter 33 is connected to the processor 32,and is configured to transmit the HTTP request message of which thedestination IP address is replaced under the control of the processor32.

In addition, in this embodiment, the process in which the processorcontrols, according to the actual IP address, the user equipment toaccess the target site corresponding to the website domain name includesas follows: the processor 32 is configured to control the transmitter 33to transmit an HTTP redirection request to the user equipment, so as toenable the user equipment to reinitiate, according to the actual IPaddress obtained by the processor 32, an HTTP request for accessing thetarget site. The HTTP redirection request includes the actual IPaddress.

The processor 32 may specifically be configured to control thetransmitter 33 to initiate the HTTP redirection request to the userequipment, so as to enable the user equipment to reinitiate, accordingto the actual IP address obtained by the processor 32, the HTTP requestfor accessing the target site, so as to achieve the objective ofcontrolling the user equipment to access the target site correspondingto the website domain name.

Optionally, the transmitter 33 may specifically be configured totransmit an HTTP redirection request packet or an HTTP redirection pageto the user equipment. The HTTP redirection request packet or the HTTPredirection page includes the actual IP address.

Furthermore, the transmitter 33 may be further configured to transmit aDNS reply packet to the user equipment under the control of theprocessor 32 when the website domain name is the first domain name, soas to redirect the user equipment to the Web management page of theaccess terminal, where the DNS reply packet includes the IP address ofthe access terminal.

The access terminal provided by this embodiment can be used to executethe process of the foregoing access control method embodiment, and thespecific working principle is described in the method embodiments, andis not described here again.

In this embodiment, the access terminal, after receiving the HTTPrequest message where the destination IP address is the IP address ofthe access terminal, by comparing the website domain name in the HTTPrequest message with the domain name corresponding to the IP address ofthe access terminal, determines the validity of the HTTP requestmessage; and when determining that the website domain name is not thedomain name corresponding to the IP address of the access terminal,determines that the HTTP request message is transmitted by the userequipment using the IP address of the access terminal as the actual IPaddress of the website domain name and is an invalid request, andtherefore the access terminal obtains the actual IP addresscorresponding to the website domain name according to the DNSresolution, and controls, according to the actual IP addresscorresponding to the website domain name, the user equipment to accessthe target site corresponding to the website domain name, so as toenable the user equipment to successfully access the target sitecorresponding to the website domain name. In this way, the followingproblem is solved: after inputting the website domain name in thebrowser on the user equipment, the user cannot access the target sitecorresponding to the website domain name because of the characteristicthat the browser caches the IP address of the access terminal. Inaddition, in this embodiment, the access terminal can enable the userequipment to successfully access the target site corresponding to thewebsite domain name in the case that the access terminal does not needto wait the correspondence, cached by the user equipment, between the IPaddress of the access terminal and the website domain name to expire,and does not need to close and restart the browser on the userequipment, thereby improving an efficiency for accessing the targetsite.

FIG. 4 is a schematic structural diagram of an access control systemaccording to an embodiment of the present invention. As show in FIG. 4,a system of this embodiment includes: a user equipment 41, an accessterminal 42, and a DNS server 43.

The user equipment 41 is configured to transmit an HTTP request messagewhere a destination IP address is an IP address of the access terminalto the access terminal 42, where the HTTP request message includes awebsite domain name.

The access terminal 42 in this embodiment includes a receiver and aprocessor.

The receiver is configured to receive the HTTP request messagetransmitted by the user equipment 41. The processor is connected to thereceiver, and is configured to obtain an actual IP address correspondingto the website domain name according to DNS resolution when the websitedomain name in the HTTP request message received by the receiver is nota first domain name, and control, according to the actual IP address,the user equipment to access a target site corresponding to the websitedomain name. The first domain name is a domain name corresponding to theIP address of the access terminal.

Optionally, the access terminal 42 in this embodiment may furtherinclude a transmitter.

The DNS server 43 is configured to perform the DNS resolution.Optionally, the process in which the DNS server 43 performs the DNSresolution may include: receiving a DNS resolution request transmittedby the processor of the access terminal 42, where the DNS resolutionrequest includes the website domain name in the HTTP request message.The DNS server 43 performs the DNS resolution on the website domain namein the DNS resolution request, obtains the actual IP addresscorresponding to the website domain name, and then returns the obtainedactual IP address to the processor of the access terminal 42 as a DNSresolution result.

Optionally, the user equipment 41 is connected to the receiver of theaccess terminal 42, and the DNS server 43 is connected to the processorof the access terminal 42.

It is noted here that, reference may be made to the description of theembodiment shown in FIG. 3A for a structure of the access terminal 42 inthis embodiment, and reference may be made to the description of theforegoing method embodiments for the working principle, which are notdescribed here again.

In the access control system of this embodiment, the access terminal,after receiving the HTTP request message where the destination IPaddress is the address of the access terminal, by comparing the websitedomain name in the HTTP request message with the domain namecorresponding to the IP address of the access terminal, determines thevalidity of the HTTP request message; and when determining that thewebsite domain name is not the domain name corresponding to the IPaddress of the access terminal, determines that the HTTP request messageis transmitted by the user equipment using the IP address of the accessterminal as the actual IP address of the website domain name and is aninvalid request, and the access terminal further obtains the actual IPaddress corresponding to the website domain name, and controls,according to the actual IP address, the user equipment to access thetarget site corresponding to the website domain name, so as to enablethe user equipment to access the target site corresponding to thewebsite domain name, and the user can successfully access the targetsite in the case that the user equipment does not need to wait thecorrespondence, cached by the user equipment, between the IP address andthe website domain name to expire and does not need to close and restartthe browser on the user equipment, thereby improving an efficiency foraccessing the target site.

Persons of ordinary skill in the art should understand that all or partof the steps of the methods in the embodiments may be implemented by aprogram instructing relevant hardware. The program may be stored in acomputer readable storage medium. When the program runs, the above stepsof the methods in the embodiments are performed. The storage medium maybe any medium capable of storing program codes, such as ROM, RAM,magnetic disk, or optical disk, and like.

Finally, it should be noted that the above embodiments are merelyintended for describing the technical solutions of the present inventionother than limiting the present invention. Although the presentinvention is described in detail with reference to the foregoingembodiments, persons of ordinary skill in the art should understand thatthey can still make modifications to the technical solutions describedin the foregoing embodiments, or make equivalent substitutions to someor all the technical features thereof, without departing from the scopeof the technical solutions of the embodiments of the present invention.

What is claimed is:
 1. An access control method implemented in a webbrowsing session, comprising: receiving, by an access terminal, aHypertext Transport Protocol (HTTP) request message from a userequipment (UE), wherein the HTTP request message comprises a websitedomain name and an IP address, and wherein if there is a correspondencebetween the website domain name and an IP address cached in the UE, theIP address in the HTTP request is the IP address cached in the UE;determining, by the access terminal, whether the IP address in the HTTPrequest message is an IP address of the access terminal; if the IPaddress in the HTTP request message is the IP address of the accessterminal, and the website domain name in the HTTP request message doesnot match a domain name of the access terminal, obtaining, by the accessterminal, an actual IP address corresponding to the website domain namein the HTTP request message via a domain name system (DNS) resolution;and controlling, by the access terminal, the UE to access a targetwebsite corresponding to the actual IP address.
 2. The access controlmethod according to claim 1, wherein controlling, by the accessterminal, the UE to access the target website corresponding to theactual IP address comprises: replacing, by the access terminal, the IPaddress of the access terminal with the actual IP address correspondingto the website domain name and redirecting a browser to the actual IPaddress.
 3. The access control method according to claim 1, whereincontrolling, by the access terminal, the UE to access the target websitecorresponding to the actual IP address comprises: initiating, by theaccess terminal, an HTTP redirection request message to the UE, whereinthe HTTP redirection request message comprises the actual IP addresscorresponding to the website domain name, and wherein the UE retransmitsthe HTTP request message according to the correspondence between thewebsite domain name and the actual IP address.
 4. The access controlmethod according to claim 3, wherein initiating, by the access terminal,the HTTP redirection request message to the UE comprises: transmitting,by the access terminal, an HTTP redirection request packet or an HTTPredirection page to the UE.
 5. The access control method according toclaim 4, wherein the HTTP redirection packet is one of: an HTTP responsecode 300, an HTTP response code 301, an HTTP response code 302, and anHTTP response code
 307. 6. The access control method according to claim1, further comprising: if the website domain name in the HTTP requestmessage matches the domain name of the access terminal, transmitting, bythe access terminal, a DNS reply packet including the IP address of theaccess terminal to the UE, so as to redirect the UE to a Web managementpage of the access terminal.
 7. An access terminal in communication witha user equipment (UE) in a web browsing session, comprising: a receiver,configured to receive a Hypertext Transport Protocol (HTTP) requestmessage from the UE, wherein the HTTP request message comprises awebsite domain name and an IP address, and wherein if there is acorrespondence between the website domain name and an IP address cachedin the UE, the IP address in the HTTP request is the IP address cachedin the UE; and a processor, configured to: determine whether the IPaddress in the HTTP request message is an IP address of the accessterminal; if the IP address in the HTTP request message is the IPaddress of the access terminal, and the website domain name in the HTTPrequest message does not match a domain name of the access terminal,obtain an actual IP address corresponding to the website domain name inthe HTTP request message via a domain name system (DNS) resolution, andcontrol the UE to access a target website corresponding to the actual IPaddress.
 8. The access terminal according to claim 7, wherein incontrolling the UE to access the target website corresponding to theactual IP address, the processor is configured to replace the IP addressof the access terminal with the actual IP address corresponding to thewebsite domain name, and redirect a browser to the actual IP address. 9.The access terminal according to claim 7, further comprising atransmitter; wherein in controlling the UE to access the target websitecorresponding to the actual IP address, the processor is configured toinitiate an HTTP redirection request message, and the transmitter isconfigured to transmit the HTTP redirection request message to the UE,wherein the HTTP redirection request message comprises the actual IPaddress corresponding to the website domain name, and wherein the UEretransmits the HTTP request message according to the correspondencebetween the website domain name and the actual IP address.
 10. Theaccess terminal according to claim 9, wherein in transmitting the HTTPredirection request message to the UE, the transmitter is configured totransmit an HTTP redirection request packet or an HTTP redirection pageto the UE.
 11. The access terminal according to claim 8, furthercomprising a transmitter; wherein if the website domain name in the HTTPrequest message matches the domain name of the access terminal, thetransmitter is further configured to transmit a domain name system DNSreply packet including the IP address of the access terminal to the UEunder control of the processor, so as to redirect the UE to a Webmanagement page of the access terminal.
 12. A computer program productcomprising a non-transitory computer readable storage medium storingprogram code thereon for use by an access terminal in a web browsingsession, the program code comprising: instructions for receiving aHypertext Transport Protocol (HTTP) request message from a userequipment (UE), wherein the HTTP request message comprises a websitedomain name and an IP address, and wherein if there is a correspondencebetween the website domain name and an IP address cached in the UE, theIP address in the HTTP request is the IP address cached in the UE;instructions for determining whether the IP address in the HTTP requestmessage is an IP address of the access terminal; instruction for, if theIP address in the HTTP request message is the IP address of the accessterminal, and the website domain name in the HTTP request message doesnot match a domain name of the access terminal, obtaining an actual IPaddress corresponding to the website domain name in the HTTP requestmessage via a domain name system (DNS) resolution; and instructions forcontrolling the UE to access a target website corresponding to theactual IP address.
 13. The access control method according to claim 1,wherein before receiving the HTTP request message by the accessterminal, the method further comprises: receiving, by the accessterminal, a domain name system (DNS) resolution request message from theUE, wherein the DNS resolution request message comprises the websitedomain name inputted by a user of the UE; and sending, by the accessterminal, a DNS response message to the UE, wherein the DNS responsemessage comprises an IP address, if the access terminal fails to connectto the Internet, the IP address in the DNS response message is an IPaddress of the access terminal, or, if the access terminal connects tothe Internet, the IP address in the DNS response message is the actualIP address corresponding to the website domain name, and wherein afterreceiving the DNS response message, the UE caches a correspondencebetween the website domain name and the IP address provided by theaccess terminal.
 14. The access terminal according to claim 7, furthercomprising a transmitter, wherein before receiving the HTTP requestmessage, the receiver is further configured to receive a domain namesystem (DNS) resolution request message from the UE, wherein the DNSresolution request message comprises the website domain name inputted bya user of the UE; and the transmitter is configure to send a DNSresponse message to the UE, wherein the DNS response message comprisesan IP address, if the access terminal fails to connect to the Internet,the IP address in the DNS response message is an IP address of theaccess terminal, or, if the access terminal connects to the Internet,the IP address in the DNS response message is the actual IP addresscorresponding to the website domain name, and wherein after receivingthe DNS response message, the UE caches a correspondence between thewebsite domain name and the IP address provided by the access terminal.15. The computer program product according to claim 12, wherein theprogram code further comprises: instructions for receiving a domain namesystem (DNS) resolution request message from the UE before receiving theHTTP request message, wherein the DNS resolution request messagecomprises the website domain name inputted by a user of the UE; andinstructions for sending a DNS response message to the UE, wherein theDNS response message comprises an IP address, if the access terminalfails to connect to the Internet, the IP address in the DNS responsemessage is an IP address of the access terminal, or, if the accessterminal connects to the Internet, the IP address in the DNS responsemessage is the actual IP address corresponding to the website domainname, and wherein after receiving the DNS response message, the UEcaches a correspondence between the website domain name and the IPaddress provided by the access terminal.